mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
Make tctl bots add
display the proxy address (#16045)
* Make `tctl bots add` return the proxy address rather than the auth server address
* Remove CA pins from `tctl bots add`
parent
c219962ccc
commit
5be324c89d
|
@ -60,7 +60,7 @@ func Run(args []string, stdout io.Writer) error {
|
|||
versionCmd := app.Command("version", "Print the version of your tbot binary")
|
||||
|
||||
startCmd := app.Command("start", "Starts the renewal bot, writing certificates to the data dir at a set interval.")
|
||||
startCmd.Flag("auth-server", "Address of the Teleport Auth Server (On-Prem installs) or Proxy Server (Cloud installs).").Short('a').Envar(authServerEnvVar).StringVar(&cf.AuthServer)
|
||||
startCmd.Flag("auth-server", "Address of the Teleport Auth Server or Proxy Server.").Short('a').Envar(authServerEnvVar).StringVar(&cf.AuthServer)
|
||||
startCmd.Flag("token", "A bot join token, if attempting to onboard a new bot; used on first connect.").Envar(tokenEnvVar).StringVar(&cf.Token)
|
||||
startCmd.Flag("ca-pin", "CA pin to validate the Teleport Auth Server; used on first connect.").StringsVar(&cf.CAPins)
|
||||
startCmd.Flag("data-dir", "Directory to store internal bot data. Access to this directory should be limited.").StringVar(&cf.DataDir)
|
||||
|
|
|
@ -34,7 +34,6 @@ import (
|
|||
"github.com/gravitational/teleport/lib/asciitable"
|
||||
"github.com/gravitational/teleport/lib/auth"
|
||||
"github.com/gravitational/teleport/lib/service"
|
||||
"github.com/gravitational/teleport/lib/tlsca"
|
||||
"github.com/gravitational/teleport/lib/utils"
|
||||
"github.com/gravitational/trace"
|
||||
)
|
||||
|
@ -166,9 +165,8 @@ certificates:
|
|||
|
||||
> tbot start \
|
||||
--destination-dir=./tbot-user \
|
||||
--token={{.token}} \{{range .ca_pins}}
|
||||
--ca-pin={{.}} \{{end}}
|
||||
--auth-server={{.auth_server}}{{if .join_method}} \
|
||||
--token={{.token}} \
|
||||
--auth-server={{.addr}}{{if .join_method}} \
|
||||
--join-method={{.join_method}}{{end}}
|
||||
|
||||
Please note:
|
||||
|
@ -177,7 +175,7 @@ Please note:
|
|||
- /var/lib/teleport/bot must be accessible to the bot user, or --data-dir
|
||||
must point to another accessible directory to store internal bot data.
|
||||
- This invitation token will expire in {{.minutes}} minutes
|
||||
- {{.auth_server}} must be reachable from the new node
|
||||
- {{.addr}} must be reachable from the new node
|
||||
`))
|
||||
|
||||
// AddBot adds a new certificate renewal bot to the cluster.
|
||||
|
@ -212,28 +210,16 @@ func (c *BotsCommand) AddBot(ctx context.Context, client auth.ClientI) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Calculate the CA pins for this cluster. The CA pins are used by the
|
||||
// client to verify the identity of the Auth Server.
|
||||
localCAResponse, err := client.GetClusterCACert(ctx)
|
||||
proxies, err := client.GetProxies()
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
caPins, err := tlsca.CalculatePins(localCAResponse.TLSCA)
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
if len(proxies) == 0 {
|
||||
return trace.Errorf("This cluster does not have any proxy servers running.")
|
||||
}
|
||||
|
||||
authServers, err := client.GetAuthServers()
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
if len(authServers) == 0 {
|
||||
return trace.Errorf("This cluster does not have any auth servers running.")
|
||||
}
|
||||
|
||||
addr := authServers[0].GetPublicAddr()
|
||||
addr := proxies[0].GetPublicAddr()
|
||||
if addr == "" {
|
||||
addr = authServers[0].GetAddr()
|
||||
addr = proxies[0].GetAddr()
|
||||
}
|
||||
|
||||
joinMethod := response.JoinMethod
|
||||
|
@ -248,8 +234,7 @@ func (c *BotsCommand) AddBot(ctx context.Context, client auth.ClientI) error {
|
|||
return startMessageTemplate.Execute(os.Stdout, map[string]interface{}{
|
||||
"token": response.TokenID,
|
||||
"minutes": int(time.Duration(response.TokenTTL).Minutes()),
|
||||
"ca_pins": caPins,
|
||||
"auth_server": addr,
|
||||
"addr": addr,
|
||||
"join_method": joinMethod,
|
||||
})
|
||||
}
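Review bot: In the `AddBot` hunk the printed `tbot start` command no longer carries `--ca-pin`, and nothing in the new code says what now authenticates the server on the bot's first connect. If the intent is that a bot joining through a proxy relies on the proxy's TLS certificate (not visible in this diff, so worth confirming), record it above `proxies, err := client.GetProxies()`, for example `// CA pins are omitted: the printed address is a proxy, whose TLS certificate the bot validates; pins only apply when --auth-server points directly at an Auth Server.` The fallback `addr = proxies[0].GetAddr()` deserves the same scrutiny: when no public address is configured it presumably yields the proxy's own listen address, which the new node may not reach or which may not match the certificate. Since the `--auth-server` help text still accepts an Auth Server address, the "Please note" list in the template could add a line telling operators to supply `--ca-pin` themselves if they substitute one. `AddBot` begins above this hunk, so any earlier handling is not visible here.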
|
||||
|
|